Aruba-2540 InterVlan Routing

  • 1.  Aruba-2540 InterVlan Routing

    Posted Jul 27, 2020 07:49 AM

    Hello Guys,

     

    I need help with the VLAN routing on the Aruba-2540.

     

    I have 3 VLANs

     

    Vlan 1 = Default Vlan

    Vlan 20 = Clients

    Vlan 30 = Printer

     

    I can't reach the GW from Vlan 20 and 30.

     

    I can't find the failure.

     

     

    This is the config


    hostname "Aruba-2540-48G-4SFPP"
    module 1 type jl355a
    dhcp-relay option 82 keep ip
    web-management ssl
    ip default-gateway 192.168.1.10
    ip route 0.0.0.0 0.0.0.0 192.168.1.10
    ip routing
    snmp-server community "public" unrestricted
    vlan 1
    name "DEFAULT_VLAN"
    no untagged 2-52
    untagged 1
    ip address dhcp-bootp
    ipv6 enable
    ipv6 address autoconfig
    ipv6 address dhcp full
    exit
    vlan 10
    name "Primary"
    untagged 2-24,49-52
    ip address dhcp-bootp
    ipv6 enable
    ipv6 address autoconfig
    exit
    vlan 20
    name "Clients"
    untagged 37-48
    ip address 10.1.20.1 255.255.255.0
    ipv6 enable
    ipv6 address autoconfig
    dhcp-server
    exit
    vlan 30
    name "Drucker"
    untagged 25-36
    ip address 10.1.30.1 255.255.255.0
    dhcp-server
    exit
    primary-vlan 10
    management-vlan 1
    spanning-tree
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    dhcp-server pool "Clients"
    authoritative
    default-router "10.1.20.1"
    dns-server "8.8.8.8,8.8.4.4"
    lease 00:01:00
    network 10.1.20.0 255.255.255.0
    range 10.1.20.50 10.1.20.80
    exit
    dhcp-server pool "Drucker"
    authoritative
    default-router "10.1.30.1"
    dns-server "8.8.8.8,8.8.4.4"
    lease 00:01:00
    network 10.1.30.0 255.255.255.0
    range 10.1.30.50 10.1.30.80
    exit
    dhcp-server enable
    password manager
    password operator

     

     

    KR

    Christoph

     



  • 2.  RE: Aruba-2540 InterVlan Routing

    EMPLOYEE
    Posted Jul 27, 2020 07:56 AM

    Can devices in VLANs 20 and 30 get IP addresses for the DHCP pools you have configured? Can you check on those devices that the default gateway address is 10.1.20.1 and 10.1.30.1 respectively?

     

    From those clients, if they're getting appropriate IP addresses, are you able to ping the default gateway (the 2540 addresses) for that VLAN interface? So a client in VLAN 20 should be able to ping 10.1.20.1....



  • 3.  RE: Aruba-2540 InterVlan Routing

    Posted Jul 27, 2020 08:01 AM

    Yes, the clients and printer get the address from the DHCP and the GW is right

     

    10.1.20.1 on the clients vlan and 10.1.30.1 and both can ping the addresses.

     

     



  • 4.  RE: Aruba-2540 InterVlan Routing

    EMPLOYEE
    Posted Jul 27, 2020 08:03 AM

    This is a crazy idea... just a thought... could you try turning off ip routing ('no ip routing') then issue the ip routing command again... save the config and reboot the switch. I understand if you are unable to do this during production hours.



  • 5.  RE: Aruba-2540 InterVlan Routing

    Posted Jul 27, 2020 08:05 AM

    This is a test lab, so I can do this without problems. I will do that and give you feedback.



  • 6.  RE: Aruba-2540 InterVlan Routing

    Posted Jul 27, 2020 08:18 AM

    I got the same problem; I can't reach the GW.

     

    KR

     

    Christoph



  • 7.  RE: Aruba-2540 InterVlan Routing

    EMPLOYEE
    Posted Jul 27, 2020 08:28 AM

    I don't have a 2540 to test with and would have thought what you are doing is possible. 

     

    Can you show us the resulting information from the 'show ip route' command please? Also, might as well see 'show ip'.

     

    Can the clients in VLAN 20 or 30 ping beyond the switch? I can see you have a default route in there. Can they ping 8.8.8.8 for example?



  • 8.  RE: Aruba-2540 InterVlan Routing

    Posted Jul 27, 2020 08:41 AM

    I can't reach 8.8.8.8

     

    show ip and show ip route results are in the screenshot



  • 9.  RE: Aruba-2540 InterVlan Routing

    EMPLOYEE
    Posted Jul 27, 2020 08:48 AM

    Can the switch ping the clients?



  • 10.  RE: Aruba-2540 InterVlan Routing

    Posted Jul 27, 2020 08:52 AM

    As seen on the screenshot, I can ping both from the switch.



  • 11.  RE: Aruba-2540 InterVlan Routing

    EMPLOYEE
    Posted Jul 27, 2020 09:03 AM

    All the basics are correct that I can see. I feel like something simple might be tripping you up here.

     

    Are you testing with a single client? Or do you have a client in both VLANs 20 and 30 simultaneously? The ArubaOS Switch platform will disable the VLAN interface if there is no active link for that VLAN. The VLAN IP interface (SVI) will go down if you only have one client and are switching it over to test.

     

    Could you show me the most recent output from 'show log -r' which would possibly verify this. You might see something like "vlan: Drucker virtual LAN disabled".



  • 12.  RE: Aruba-2540 InterVlan Routing

    Posted Jul 27, 2020 09:11 AM

    This is the result of show log -r

     


    Aruba-2540-48G-4SFPP# show log -r
    Keys: W=Warning I=Information
    M=Major D=Debug E=Error
    ---- Reverse event Log listing: Events Since Boot ----
    I 07/27/20 12:35:04 00001 vlan: Drucker virtual LAN enabled
    I 07/27/20 12:35:04 00076 ports: port 32 is now on-line
    I 07/27/20 12:35:01 00435 ports: port 32 is Blocked by STP
    W 07/27/20 12:18:52 05228 activate: Received failure response from the Activate
    server with status code: fail-prov-no-device
    I 07/27/20 12:18:49 05226 activate: Successfully resolved the Activate server
    address devices-v2.arubanetworks.com to 34.217.246.112.
    I 07/27/20 12:18:49 05627 activate: Time sync with NTP server is successful.
    I 07/11/20 19:40:53 05225 activate: Loading security certificates and
    synchronizing time.
    I 07/11/20 19:32:00 00179 mgr: SME SSH from 192.168.1.176 - MANAGER Mode
    I 07/11/20 19:31:57 03362 auth: User 'Admin' logged in from 192.168.1.176 to SSH
    session
    I 07/11/20 19:31:25 00025 ip: DEFAULT_VLAN: ip address 192.168.1.163/24
    configured on vlan 1
    I 07/11/20 19:31:25 00083 dhcp: DEFAULT_VLAN: updating IP address and subnet
    mask
    I 07/11/20 19:31:14 00025 ip: DEFAULT_VLAN: ip address
    fe80::8a3a:30ff:fe5c:7180/64 configured on vlan 1
    I 07/11/20 19:31:13 00025 ip: Clients: ip address fe80::8a3a:30ff:fe5c:7180/64
    configured on vlan 20
    I 07/11/20 19:31:11 00001 vlan: DEFAULT_VLAN virtual LAN enabled
    I 07/11/20 19:31:11 00076 ports: port 1 is now on-line
    I 07/11/20 19:31:10 00001 vlan: Clients virtual LAN enabled
    I 07/11/20 19:31:10 00076 ports: port 46 is now on-line
    I 07/11/20 19:31:08 00828 lldp: PVID mismatch on port 2(VID 10)with peer device
    port 18(VID 1)(1)
    I 07/11/20 19:31:07 00435 ports: port 46 is Blocked by STP
    I 07/11/20 19:31:07 00435 ports: port 2 is Blocked by STP
    I 07/11/20 19:31:07 00435 ports: port 1 is Blocked by STP
    I 07/11/20 19:31:03 02555 chassis: Co-processor Ready
    I 07/11/20 19:31:01 03803 chassis: System Self test completed on 1-52
    I 07/11/20 19:30:55 03802 chassis: System Self test started on 1-52
    I 07/11/20 19:30:55 03401 crypto: Function POWER UP passed selftest.
    I 07/11/20 19:30:55 04262 dhcp-server: All IP addresses are removed from the
    conflict-logging database
    I 07/11/20 19:30:55 04250 dhcp-server: DHCP server is enabled globally
    I 07/11/20 19:30:54 02553 chassis: Loading of Co-processor OS image complete.
    I 07/11/20 19:30:53 02552 chassis: Loading of Co-processor OS image in progress.
    I 07/11/20 19:30:53 02550 chassis: Requesting Co-processor OS image location in
    flash.
    I 07/11/20 19:30:53 00066 system: System Booted
    I 07/11/20 19:30:52 04274 dhcp-server: DHCP server is listening for DHCP packets
    I 07/11/20 19:30:52 04255 dhcp-server: DHCP server is enabled on VLAN 30
    I 07/11/20 19:30:52 04255 dhcp-server: DHCP server is enabled on VLAN 20
    I 07/11/20 19:30:52 04260 dhcp-server: Conflict-logging is disabled
    I 07/11/20 19:30:52 04257 dhcp-server: Ping-check configured with retry count =
    2, timeout = 1
    I 07/11/20 19:30:51 00410 SNTP: Client is enabled.
    I 07/11/20 19:30:51 02633 SNTP: Client authentication is disabled.
    I 07/11/20 19:30:51 00688 lldp: LLDP - enabled
    I 07/11/20 19:30:51 00417 cdp: CDP enabled
    I 07/11/20 19:30:51 04695 auth: Command authorization method set to none.
    I 07/11/20 19:30:51 04695 auth: Command authorization method set to none.
    I 07/11/20 19:30:51 00433 ssh: Ssh server enabled
    I 07/11/20 19:30:51 00056 stp: Spanning Tree Protocol enabled
    I 07/11/20 19:30:51 00463 ssl: SSL HTTP server enabled on TCP port 443
    I 07/11/20 19:30:50 00110 telnet: telnetd service enabled
    I 07/11/20 19:30:50 02638 srcip: SFLOW oper policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02637 srcip: SFLOW admin policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02638 srcip: SNTP oper policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02637 srcip: SNTP admin policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02638 srcip: TFTP oper policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02637 srcip: TFTP admin policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02638 srcip: TELNET oper policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02637 srcip: TELNET admin policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02638 srcip: SYSLOG oper policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02637 srcip: SYSLOG admin policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02638 srcip: RADIUS oper policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02637 srcip: RADIUS admin policy for IPv6 is 'outgoing
    interface'
    I 07/11/20 19:30:50 02638 srcip: SFLOW oper policy is 'outgoing interface'
    I 07/11/20 19:30:50 02637 srcip: SFLOW admin policy is 'outgoing interface'
    I 07/11/20 19:30:50 02638 srcip: SNTP oper policy is 'outgoing interface'
    I 07/11/20 19:30:50 02637 srcip: SNTP admin policy is 'outgoing interface'
    I 07/11/20 19:30:50 02638 srcip: TFTP oper policy is 'outgoing interface'
    I 07/11/20 19:30:50 02637 srcip: TFTP admin policy is 'outgoing interface'
    I 07/11/20 19:30:50 02638 srcip: TELNET oper policy is 'outgoing interface'
    I 07/11/20 19:30:50 02637 srcip: TELNET admin policy is 'outgoing interface'
    I 07/11/20 19:30:50 02638 srcip: SYSLOG oper policy is 'outgoing interface'
    I 07/11/20 19:30:50 02637 srcip: SYSLOG admin policy is 'outgoing interface'
    I 07/11/20 19:30:50 02638 srcip: RADIUS oper policy is 'outgoing interface'
    I 07/11/20 19:30:50 02637 srcip: RADIUS admin policy is 'outgoing interface'
    I 07/11/20 19:30:50 02638 srcip: TACACS oper policy is 'outgoing interface'
    I 07/11/20 19:30:50 02637 srcip: TACACS admin policy is 'outgoing interface'
    I 07/11/20 19:30:50 00690 udpf: DHCP relay agent feature enabled
    I 07/11/20 19:30:50 02604 dhcpv6r: Inclusion of client link-layer address in
    DHCPv6 relay message is disabled.
    I 07/11/20 19:30:50 00965 dhcpv6c: DHCPv6 client has been enabled on Vlan-id: 1
    M 07/11/20 19:30:49 02797 chassis: Internal power supply 1 is OK. Total fault
    count: 0.
    M 07/11/20 19:30:49 02796 chassis: Internal power supply 1 inserted. Total fault
    count: 0.
    I 07/11/20 19:30:49 02759 chassis: Savepower LED timer is OFF.
    I 07/11/20 19:30:49 02712 console: USB console cable disconnected
    I 07/11/20 19:30:49 02712 console: USB console cable disconnected
    M 07/11/20 19:30:49 00064 system: Operator warm reload.
    I 07/11/20 19:30:49 00063 system: Member 1 went down: 07/11/20 19:30:34
    I 07/11/20 19:30:49 00061 system: -----------------------------------------
    I 07/11/20 19:30:49 05578 profile-manager: With this SW release the poe-value
    field is not allowed to be set when poe-alloc-by is not value.
    Changing to default value of 17w.
    I 07/11/20 19:30:48 03803 chassis: System Self test completed on Master
    I 07/11/20 19:30:48 03802 chassis: System Self test started on Master
    I 07/11/20 19:30:48 03803 chassis: System Self test completed on Master
    I 07/11/20 19:30:48 03802 chassis: System Self test started on Master
    ---- Top of Log : Events Listed = 88 ----


  • 13.  RE: Aruba-2540 InterVlan Routing

    EMPLOYEE
    Posted Jul 28, 2020 04:43 AM

    With "clients can't reach the gateway", do you mean that they can't ping to 192.168.1.10?

     

    Also, I understand that the clients in VLAN20 can ping clients in VLAN30 (and vice-versa)?

     

    Can the clients in VLAN20/30 ping to the switch in its default VLAN (192.168.1.163)?

     

    If you can ping between the VLANs, and ping addresses on the switch, but not to and beyond the router, does the router have routes back to the subnets for vlan 20/30? It seems not, as the IP on the default VLAN is 1. The router needs to have a route back otherwise the packets for 10.1.x.x will go out of its default route which is towards the ISP.



  • 14.  RE: Aruba-2540 InterVlan Routing

    Posted Jul 28, 2020 05:18 AM

    Hi,

     

    The VLAN 20/30 can't reach the 192.168.1.163 IP.

     

    What do I have to do if I have only an MPLS router from the ISP?

    I can't configure the MPLS router.

     

     



  • 15.  RE: Aruba-2540 InterVlan Routing

    EMPLOYEE
    Posted Jul 28, 2020 05:41 AM

    You will need to get the subnets for VLAN 20 and 30 routed by your MPLS provider or use subnets that are already routed by your ISP to your switch (if any). One possible alternative is to put a NAT device between your switch and the ISP router, but with just the switch you can't add additional IP subnets, but that is probably not what you want.

     

    Seems you will need to work with your ISP to get the additional VLANs routed.



  • 16.  RE: Aruba-2540 InterVlan Routing

    Posted Jul 29, 2020 10:12 AM

    Hi Geh,

    You should be able to ping from the 2540 to any station in any of your VLANs (1,20,30). If so, your virtual interfaces on the 2540 are up and forwarding. 

    You have configured your default route to your default gateway (192.168.1.10) with these commands:

    ip default-gateway 192.168.1.10
    ip route 0.0.0.0 0.0.0.0 192.168.1.10

    I would use just one; both do the same, so, just in case, delete one of them.

    If you could ping from any station in any VLAN to any other station in another VLAN (avoid doing it from any router as the source or the destination for the ping command), then your 2540 is routing correctly among all your VLANs directly connected to your 2540.

     

    Now go to any station in VLAN 20 and make a trace route to any station behind your MPLS network (behind your default gateway 192.168.1.10), if you cannot see answers from any hop farther than your 2540, it would mean that your default gateway 192.168.1.10 does not know the next hop to return packets to VLAN 20, and it is routing towards any other gateway. So, as Herman said, I think you should talk to your provider in order to add the return routes in your default gateway and the MPLS behind it.

     

    Regards
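
The return-route diagnosis from posts 13, 15 and 16, modelled as an added example (not code from the thread or from Aruba). The switch routes are taken from the posted config and log; both router tables, the client address 10.1.20.50 and the node names are assumptions.

```python
import ipaddress

# Switch routes come from the posted config/log; the router tables are constructed.
SWITCH = [("0.0.0.0/0", "192.168.1.10"), ("192.168.1.0/24", "connected"),
          ("10.1.20.0/24", "connected"), ("10.1.30.0/24", "connected")]
ROUTER_AS_IS = [("0.0.0.0/0", "WAN"), ("192.168.1.0/24", "connected")]
ROUTER_FIXED = ROUTER_AS_IS + [("10.1.20.0/24", "192.168.1.163"),
                               ("10.1.30.0/24", "192.168.1.163")]
OWNER = {"192.168.1.163": "switch", "192.168.1.10": "router"}  # next hop -> node

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None if no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def walk(tables, start, dst, max_hops=8):
    """Follow a packet for dst hop by hop; the last element is its fate."""
    node, path = start, [start]
    for _ in range(max_hops):
        nh = lookup(tables[node], dst)
        if nh is None:
            return path + ["dropped"]
        if nh in ("connected", "WAN"):
            return path + [nh]
        node = OWNER[nh]
        path.append(node)
    return path + ["loop"]

def ping_ok(tables, src_node, src_ip, dst_node, dst_ip):
    """A ping succeeds only if the request AND the reply are delivered on-link."""
    out = walk(tables, src_node, dst_ip)
    back = walk(tables, dst_node, src_ip)
    return out[-1] == "connected" and back[-1] == "connected", out, back

if __name__ == "__main__":
    for name, router in (("as-is", ROUTER_AS_IS), ("fixed", ROUTER_FIXED)):
        tables = {"switch": SWITCH, "router": router}
        # VLAN 20 client (first hop is the switch) pings the gateway.
        print(name, ping_ok(tables, "switch", "10.1.20.50", "router", "192.168.1.10"))
```

With the as-is table the echo request arrives, but the reply follows the router's default route toward the WAN, which is why the switch can ping everything while the VLAN 20/30 clients get no answer from 192.168.1.10.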